<span id="hs_cos_wrapper_post_body" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="rich_text" ><p><img src="http://cdn2.hubspot.net/hubfs/2548414/Blog%20images/banking.jpg" alt="banking.jpg" width="454" style="width: 640px;" height="302"></p> <p>Banking malware steals millions of dollars from both personal and business accounts in the United States every year. Personal accounts are insured by federal banking regulations, but businesses are less protected.</p> <p>We have offered several individual targets that protect against various malware families for a while now, and today we are happy to announce that we have added new compound targets, which group all of the various banking-specific malware families so that you can add them to your policies.</p> <p>Banking Malware domains – This RPZ target lists Banking Malware domains including:</p> <ul> <li><u>Tiny Banker Trojan</u> (also: Tinba) is a malware program that targets financial institution websites. It is a modified form of an older family of viruses known as Banker Trojans, yet it is much smaller in size and more powerful. It works by establishing man-in-the-browser attacks and network sniffing. Tinba's infrastructure, among others, was taken down during the <a href="https://t.co/k1zuHLrTax">Avalanche</a> network takedown on November 30<sup>th</sup>. Having this list in your policy will allow you to see infections by the malware that need to be cleaned up, but they are not a threat to your network.</li> <li><u>Necurs</u> is widely believed to be one of the largest botnets (with 6.1 million functioning bots) and is responsible for millions of dollars in losses tied to ransomware and Dridex banking Trojan infections.</li> <li><u>Fobber</u> is an information-stealing Trojan that focuses on online activity. Fobber grabs the passwords to your valuable accounts, primarily targeting banking accounts. 
Fobber intercepts any information that you type on financial platforms. This data is then encrypted and sent to the C&amp;C servers.</li> <li><u>Dyre</u> attempts to steal sensitive user information, particularly banking information, by intercepting this information when it is passed between your web browser and the target website. This malware is often distributed in scam-type phishing emails that ask the user to download a ZIP file. Dyre has the ability to bypass certain online security solutions like SSL and two-factor authentication.</li> <li><u>Banjori</u> (also: MultiBanker 2 or BankPatch/BackPatcher) steals personal information, such as your user names and passwords. It sends the stolen information to C&amp;C servers.</li> <li><u>ZeuS</u> is used to steal banking information by man-in-the-browser keystroke logging and form grabbing.</li> <li><u>Feodo</u> (also known as Cridex or Bugat) and its successor Dridex are Trojans used to commit e-banking fraud and steal sensitive information from the victim’s computer, such as credit card details or credentials.</li> <li><u>Shifu</u> uses tactics, techniques and procedures from multiple malware families including Shiz, Zeus and Dridex to steal user information.</li> <li>This Target also includes our new manual list <u>TSBanking domains</u>, which will include domains that the ThreatSTOP security team has determined are current and active Banking Threats. 
This target is also available by itself in expert mode.</li> </ul> <p>Banking Malware IPs – This IP Target lists Banking Malware IP addresses including:</p> <ul> <li><u>ZeuS</u> is used to steal banking information by man-in-the-browser keystroke logging and form grabbing.</li> <li><u>Feodo</u> (also known as Cridex or Bugat) and its successor Dridex are Trojans used to commit e-banking fraud and steal sensitive information from the victim’s computer, such as credit card details or credentials.</li> <li>This Target also includes our new manual list <u>TSBanking IPs</u>, which will include IP addresses that the ThreatSTOP security team has determined are current and active Banking Threats. This target is also available by itself in expert mode.</li> </ul> <p>We will keep adding more banking malware families to these targets as we get the feeds and will keep protecting you all the time.</p> <p>All of our IP targets are available for both IP and DNS Firewall clients.</p> <p>Our RPZ targets are only available to DNS Firewall customers – if you do not have a DNS Firewall, it’s time to upgrade. Contact us at 1-855-958-7867 or&nbsp;<a href="mailto:success@threatstop.com">success@threatstop.com</a>.</p></span>